ci: set board fields for tf example test (#2867)

This commit is contained in:
Adrian Stobbe 2024-01-29 16:45:26 +01:00 committed by GitHub
parent 7ce5caae24
commit 3799525103
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 61 additions and 40 deletions


@ -6,14 +6,6 @@ on:
ref:
type: string
description: "Git ref to checkout"
cloudProvider:
description: "Which cloud provider to use."
type: choice
options:
- "aws"
- "azure"
- "gcp"
required: true
regionZone:
description: "Region or zone to create the cluster in. Leave empty for default region/zone."
type: string
@ -31,15 +23,21 @@ on:
description: Kubernetes version to target for the upgrade, empty for no upgrade.
type: string
required: false
attestationVariant:
description: "Attestation variant to use."
type: choice
options:
- "aws-sev-snp"
- "azure-sev-snp"
- "azure-tdx"
- "gcp-sev-es"
default: "azure-sev-snp"
required: true
workflow_call:
inputs:
ref:
type: string
description: "Git ref to checkout"
cloudProvider:
description: "Which cloud provider to use."
type: string
required: true
regionZone:
description: "Which zone to use."
type: string
@ -57,6 +55,10 @@ on:
description: Kubernetes version to target for the upgrade, empty for target's default version.
type: string
required: false
attestationVariant:
description: "Attestation variant to use."
type: string
required: true
jobs:
provider-example-test:
@ -103,6 +105,15 @@ jobs:
last_three="${run_id: -3}"
echo "prefix=e2e-${last_three}" | tee -a "$GITHUB_OUTPUT"
- name: Determine cloudprovider from attestation variant
id: determine
shell: bash
run: |
attestationVariant="${{ inputs.attestationVariant }}"
cloudProvider="${attestationVariant%%-*}"
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
- name: Log in to the Container registry
uses: ./.github/actions/container_registry_login
with:
@ -155,7 +166,7 @@ jobs:
rm -rf "${terraform_provider_dir}"
- name: Login to AWS (IAM + Cluster role)
if: inputs.cloudProvider == 'aws'
if: steps.determine.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
@ -164,17 +175,27 @@ jobs:
role-duration-seconds: 21600
- name: Login to Azure (IAM + Cluster service principal)
if: inputs.cloudProvider == 'azure'
if: steps.determine.outputs.cloudProvider == 'azure'
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_E2E_TF_CREDENTIALS }}
- name: Login to GCP (IAM + Cluster service account)
if: inputs.cloudProvider == 'gcp'
if: steps.determine.outputs.cloudProvider == 'gcp'
uses: ./.github/actions/login_gcp
with:
service_account: "terraform-e2e@constellation-e2e.iam.gserviceaccount.com"
- name: Set Kubernetes version
id: kubernetes
run: |
# take the middle (2nd) supported Kubernetes version (default)
if [[ "${{ inputs.providerVersion }}" != "" ]]; then
echo "VERSION=$(../release/constellation config kubernetes-versions | awk 'NR==3{print $1}')" | tee -a "$GITHUB_OUTPUT"
else
echo "VERSION=$(../build/constellation config kubernetes-versions | awk 'NR==3{print $1}')" | tee -a "$GITHUB_OUTPUT"
fi
- name: Common CSP Terraform overrides
working-directory: ${{ github.workspace }}
shell: bash
@ -189,11 +210,11 @@ jobs:
version=${prefixed_version#v} # remove v prefix
if [[ "${{ inputs.providerVersion }}" == "" ]]; then
iam_src="../terraform-module/iam/${{ inputs.cloudProvider }}"
infra_src="../terraform-module/${{ inputs.cloudProvider }}"
iam_src="../terraform-module/iam/${{ steps.determine.outputs.cloudProvider }}"
infra_src="../terraform-module/${{ steps.determine.outputs.cloudProvider }}"
else
iam_src="https://github.com/edgelesssys/constellation/releases/download/${{ inputs.providerVersion }}/terraform-module.zip//terraform-module/iam/${{ inputs.cloudProvider }}"
infra_src="https://github.com/edgelesssys/constellation/releases/download/${{ inputs.providerVersion }}/terraform-module.zip//terraform-module/${{ inputs.cloudProvider }}"
iam_src="https://github.com/edgelesssys/constellation/releases/download/${{ inputs.providerVersion }}/terraform-module.zip//terraform-module/iam/${{ steps.determine.outputs.cloudProvider }}"
infra_src="https://github.com/edgelesssys/constellation/releases/download/${{ inputs.providerVersion }}/terraform-module.zip//terraform-module/${{ steps.determine.outputs.cloudProvider }}"
fi
# by default use latest nightly image for devbuilds and release image otherwise
@ -211,12 +232,7 @@ jobs:
fi
fi
# take the middle (2nd) supported Kubernetes version (default)
if [[ "${{ inputs.providerVersion }}" != "" ]]; then
kubernetes_version="$(../release/constellation config kubernetes-versions | awk 'NR==3{print $1}')"
else
kubernetes_version="$(../build/constellation config kubernetes-versions | awk 'NR==3{print $1}')"
fi
kubernetes_version="${{ steps.kubernetes.outputs.version }}"
cat > _override.tf <<EOF
terraform {
@ -238,20 +254,21 @@ jobs:
image_version = "${image_version}"
microservice_version = "${prefixed_version}"
kubernetes_version = "${kubernetes_version}"
attestation_variant = "${{ inputs.attestationVariant }}"
}
module "${{ inputs.cloudProvider }}_iam" {
module "${{ steps.determine.outputs.cloudProvider }}_iam" {
source = "${iam_src}"
}
module "${{ inputs.cloudProvider }}_infrastructure" {
module "${{ steps.determine.outputs.cloudProvider }}_infrastructure" {
source = "${infra_src}"
}
EOF
cat _override.tf
- name: Create GCP Terraform overrides
if: inputs.cloudProvider == 'gcp'
if: steps.determine.outputs.cloudProvider == 'gcp'
working-directory: ${{ github.workspace }}/cluster
shell: bash
run: |
@ -267,7 +284,7 @@ jobs:
cat _override.tf
- name: Create AWS Terraform overrides
if: inputs.cloudProvider == 'aws'
if: steps.determine.outputs.cloudProvider == 'aws'
working-directory: ${{ github.workspace }}/cluster
shell: bash
run: |
@ -285,7 +302,7 @@ jobs:
working-directory: ${{ github.workspace }}
shell: bash
run: |
cp ${{ github.workspace }}/terraform-provider-constellation/examples/full/${{ inputs.cloudProvider }}/main.tf ${{ github.workspace }}/cluster/main.tf
cp ${{ github.workspace }}/terraform-provider-constellation/examples/full/${{ steps.determine.outputs.cloudProvider }}/main.tf ${{ github.workspace }}/cluster/main.tf
- name: Apply Terraform Cluster
id: apply_terraform
@ -293,7 +310,7 @@ jobs:
shell: bash
run: |
terraform init
if [[ "${{ inputs.cloudProvider }}" == "azure" ]]; then
if [[ "${{ steps.determine.outputs.cloudProvider }}" == "azure" ]]; then
terraform apply -target module.azure_iam -auto-approve
terraform apply -target module.azure_infrastructure -auto-approve
../build/constellation maa-patch "$(terraform output -raw maa_url)"
@ -331,7 +348,7 @@ jobs:
if [[ "${{ inputs.toKubernetes }}" != "" ]]; then
cat >> _override.tf <<EOF
resource "constellation_cluster" "${{ inputs.cloudProvider }}_example" {
resource "constellation_cluster" "${{ steps.determine.outputs.cloudProvider }}_example" {
kubernetes_version = "${{ inputs.toKubernetes }}"
}
EOF
@ -342,7 +359,7 @@ jobs:
# needs to be explicitly set to upgrade
cat >> _override.tf <<EOF
resource "constellation_cluster" "${{ inputs.cloudProvider }}_example" {
resource "constellation_cluster" "${{ steps.determine.outputs.cloudProvider }}_example" {
constellation_microservice_version = "${prefixed_version}"
}
EOF
@ -388,10 +405,10 @@ jobs:
fi
# cfg must be in same dir as KUBECONFIG
../build/constellation config generate "${{ inputs.cloudProvider }}"
../build/constellation config generate "${{ steps.determine.outputs.cloudProvider }}"
# make cfg valid with fake data
# IMPORTANT: zone needs to be correct because it is used to resolve the CSP image ref
if [[ "${{ inputs.cloudProvider }}" == "azure" ]]; then
if [[ "${{ steps.determine.outputs.cloudProvider }}" == "azure" ]]; then
location="${{ inputs.regionZone || 'northeurope' }}"
yq e ".provider.azure.location = \"${location}\"" -i constellation-conf.yaml
@ -400,7 +417,7 @@ jobs:
yq e '.provider.azure.resourceGroup = "myResourceGroup"' -i constellation-conf.yaml
yq e '.provider.azure.userAssignedIdentity = "myIdentity"' -i constellation-conf.yaml
fi
if [[ "${{ inputs.cloudProvider }}" == "gcp" ]]; then
if [[ "${{ steps.determine.outputs.cloudProvider }}" == "gcp" ]]; then
zone="${{ inputs.regionZone || 'europe-west3-b' }}"
region=$(echo "${zone}" | rev | cut -c 2- | rev)
yq e ".provider.gcp.region = \"${region}\"" -i constellation-conf.yaml
@ -412,7 +429,7 @@ jobs:
yq e '.nodeGroups.worker_default.zone = "europe-west3-b"' -i constellation-conf.yaml
yq e '.provider.gcp.serviceAccountKeyPath = "/path/to/your/service-account-key.json"' -i constellation-conf.yaml
fi
if [[ "${{ inputs.cloudProvider }}" == "aws" ]]; then
if [[ "${{ steps.determine.outputs.cloudProvider }}" == "aws" ]]; then
zone=${{ inputs.regionZone || 'us-east-2c' }}
region=$(echo "${zone}" | rev | cut -c 2- | rev)
yq e ".provider.aws.region = \"${region}\"" -i constellation-conf.yaml
@ -444,4 +461,8 @@ jobs:
with:
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
test: "terraform-provider-example"
provider: ${{ inputs.cloudProvider }}
refStream: ${{ inputs.ref}}
provider: ${{ steps.determine.outputs.cloudProvider }}
kubernetesVersion: ${{ steps.kubernetes.outputs.version }}
clusterCreation: "terraform"
attestationVariant: ${{ inputs.attestationVariant }}
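Review bot: The new "Determine cloudprovider from attestation variant" step derives `cloudProvider` with `${attestationVariant%%-*}` but never checks that the result is one of `aws`, `azure` or `gcp`; the `workflow_call` input is a free-form string, so a mistyped or future variant silently skips all three login steps (each is now conditioned on `steps.determine.outputs.cloudProvider`) and only fails later inside terraform with a much less obvious error. A `case` guard that exits non-zero on an unknown prefix would make the failure explicit at the step that owns the value. While touching that step, reading the input through `env:` instead of interpolating `${{ inputs.attestationVariant }}` directly into the script keeps the value out of shell parsing, which is the pattern GitHub recommends for `run:` steps. The new "Set Kubernetes version" step is also the only step in this hunk without `shell: bash`, so it runs without `pipefail` unlike its siblings; I would add it for consistency.
```yaml
- name: Determine cloudprovider from attestation variant
  id: determine
  shell: bash
  env:
    ATTESTATION_VARIANT: ${{ inputs.attestationVariant }}
  run: |
    cloudProvider="${ATTESTATION_VARIANT%%-*}"
    case "${cloudProvider}" in
      aws|azure|gcp) ;;
      *)
        echo "unsupported attestation variant: ${ATTESTATION_VARIANT}" >&2
        exit 1
        ;;
    esac
    echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
# … unchanged: remaining steps of provider-example-test …
```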


@ -494,7 +494,7 @@ jobs:
strategy:
fail-fast: false
matrix:
cloudProvider: ["gcp", "azure", "aws"]
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
permissions:
id-token: write
contents: read
@ -502,4 +502,4 @@ jobs:
secrets: inherit
uses: ./.github/workflows/e2e-test-provider-example.yml
with:
cloudProvider: ${{ matrix.cloudProvider }}
attestationVariant: ${{ matrix.attestationVariant }}